I just started looking into OAuth and it looks really nice. I have OAuth with Twitter working in Ruby right now.
Now I'm wondering, what is the recommended safe wa
If you're developing a web application, you can add a hidden field to the form the user submits, with some hash-like value calculated with the user.id, so evil guys cannot change that value and just "guess" for an access token.
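One way to build the hidden-field value the answer above describes, as an added example that is not code from the original post. It assumes the "hash-like value" is an HMAC-SHA256 keyed with a server-side secret (an unkeyed hash of the user id could be recomputed by anyone); the module name, field format and secret handling are hypothetical.

```ruby
require "openssl"
require "securerandom"

# Hypothetical helper: signs a user id for a hidden form field and verifies it
# when the form comes back. Not part of any OAuth library.
module SignedUserField
  # Constructed for this demo; a real app loads a fixed secret from server-side
  # configuration so that values stay valid across restarts.
  SECRET = SecureRandom.bytes(32)
  # Purpose label mixed into the MAC so the tag cannot be reused for another field.
  PURPOSE = "oauth-user-id:"

  # Hidden field value: "<user_id>--<hex HMAC-SHA256>".
  def self.generate(user_id, secret = SECRET)
    id = user_id.to_s
    "#{id}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, PURPOSE + id)}"
  end

  # Returns the user id (as a String) when the tag matches, nil otherwise.
  def self.verify(field, secret = SECRET)
    id, tag = field.to_s.split("--", 2)
    return nil if id.nil? || id.empty? || tag.nil?

    expected = OpenSSL::HMAC.hexdigest("SHA256", secret, PURPOSE + id)
    # Constant-time comparison: no timing signal about how many characters matched.
    OpenSSL.secure_compare(expected, tag) ? id : nil
  end
end

if __FILE__ == $PROGRAM_NAME
  field = SignedUserField.generate(42)            # constructed sample user id
  puts %(<input type="hidden" name="user" value="#{field}">)
  puts "untouched field -> #{SignedUserField.verify(field).inspect}"
  tampered = field.sub("42--", "43--")            # id edited, tag left as it was
  puts "edited user id  -> #{SignedUserField.verify(tampered).inspect}"
end
```

The signed value only proves the id was issued by the server; it does not expire, so a timestamp would have to be added to the signed data to bound its lifetime.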